SaaS vs. Server-Based Systems

Oct. 27, 2008
The Software-as-a-Service model can reduce TCO for access control systems

Total Cost of Ownership is a well-studied discipline within IT at large, but its results have seldom been brought to bear on the world of electronic access control. Now that the Internet-based Software-as-a-Service (SaaS) model for access control management platforms is in many cases replacing the traditional server-based approach, integrators and end-users alike should evaluate which is the most cost-effective solution.

Until recently, it has been common for buyers to think of system cost in terms of one-time, up-front server and software expenses; however, it has become a well established fact that the largest part of PC or server ownership cost actually lies in ongoing operational expenses, maintenance and support agreements. This is particularly true of computer systems providing infrastructure services such as access control, because they must be held to a higher standard of availability and performance than ordinary office equipment.

Recent research by Brivo Systems reveals that for most classes of applications, the SaaS model for security management platforms is the clear operational and financial winner, due primarily to the economies of scale introduced by hosted application services.

The study concluded that the SaaS solution has a nearly $26,000 (or 76 percent) advantage over a server-based solution. This article will examine the cost factors and methodology that led to this conclusion.

Cost Factors and Methodology

To perform a cost comparison between traditional server-based and SaaS security management platforms, the following categories of operational expense were examined:

Initial installation costs , such as hardware and software license purchases, as well as labor expenses for provisioning control panels, servers or other software systems.

Recurring fees , including SaaS subscription fees, server software licensing and hardware and software maintenance agreements.

Operational expenses , such as electrical power, rack space and disaster recovery sites.

IT staff costs , including routine maintenance, troubleshooting, patches for server-based systems and the cost of upgrades and replacements.

A number of additional factors are often included in a complete TCO analysis, but they vary considerably from organization to organization. These factors include organizational cost of server downtime (including lost productivity and explicit cost of IT and security staff time to remediate failed systems), and business risk cost of system unavailability (including lost revenues, liabilities due to service level agreements and loss of good will). These factors were difficult to include in a meaningful generic model and were excluded .

The costs of procuring and installing lock hardware, readers, sensors, control panels, wiring, and other common items were assumed to be equal across both server- and SaaS-based systems. In other words, all TCO differences between the two types of security management platform were the direct result of IT and operational expense factors, not the specific model of control panel, reader, etc.

Within this framework, the methodology for establishing the expense of every relevant management platform line item in our TCO model was to work from documented sources. Those included actual quotations from integrators to end-users for various types of system installation, or, equivalently, from published price lists available in the industry; published studies on the cost of various types of IT services and/or staff time; and published rate structures for publicly available services, such as electrical power, rack space and off-site backup services.

Two composite case studies were used as examples for the purposes of this article. The first is a single-site access control system with a total of six doors. The second is a two-site system with six doors per site, requiring a common access control system across both, linked by an IP network.

Installation Costs

Installation costs were quantified for four areas, with the following results:

System Installation Expenses

SaaS

Server-Based

Installed cost of control panels and related hardware

$3,200.00

$3,200.00

IT staff expense, including initial consultation, network configuration, firewall settings

$100.00

$800.00

Installed cost of servers

$0.00

$4,400.00

Cost of software licenses:
- Application license
- Operating System
- Database
- Middleware
- Backup Storage

$0.00

$2,100.00

TOTAL ONE-TIME EXPENSES

$3,300.00

$10,500.00

Staff time for the server-based system included initial consultation for server installation, establishing networking parameters for server system and related control panels, assessing firewall policy impact and making needed adjustments for remote access to the security management platform. The SaaS platform, by contrast, used DHCP on all control panels, thereby eliminating the need to assign static IP addresses or perform other network management tasks. It also required no changes to the firewall, as it used an existing “outbound 443 allowed” policy. Remote access to the access control application is a baseline capability of the SaaS model.

Installed cost of servers for the server-based model included two security-grade redundant servers (to offer similar redundancy to the SaaS solution, which is intrinsically redundant), as well as one day of installation and set-up time on-site. With the SaaS model, of course, there is no on-site server installation, which eliminated these costs.

Software license fees included all required licenses for applications, middleware, database and operating system. These costs are all built in to the monthly fees for SaaS services, which means that there is no up-front charge for any of these items.

Recurring Fees

Recurring fees were identified for three areas, with the following results:

Recurring Fees

SaaS

Server-Based

Annual recurring service fees

$960.00

$0.00

Annual software maintenance

$0.00

$150.00

Annual technical support fees

$0.00

$150.00

RECURRING ANNUAL FEES

$960.00

$300.00

Monthly subscription fees are the hallmark of the SaaS model, whereas they are zero for an installed server-based system. Retail rates for these services vary considerably depending on whether any additional services are bundled in (e.g., 24/7 telephone support, concierge services, etc.). In this analysis, a market average for basic subscription services was used.

Annual software maintenance fees — typically charged to entitle users to ongoing software upgrades — are free in the SaaS model, as upgrades to Internet-based SaaS services are part of the core value proposition of such services.

Technical Support fees for access to telephone support are required by most organizations, but tend to be included or bundled into the monthly subscription fees of SaaS vendors.

Operational Expenses

Operational expenses (non-IT) identified as relevant to the TCO model were primarily related to energy — an increasingly visible cost of computing infrastructure.

Operational Expenses (Ongoing)

SaaS

Server-Based

Electrical power for server

$0.00

$709.21

Data center power expense for cooling, delivery, backup, air handling.

$0.00

$709.21

OPERATIONAL EXPENSES

$0.00

$1,418.42

The primary power consumption expense is based on redundant servers, with 2x400 W power supplies, running at all times, with an average cost of $0.1012 per KWH for commercial power. Note that there is no associated power consumption for a SaaS security management platform, as all applications and databases are offsite and included in the monthly subscription fee. A redundant configuration is used for this calculation to compare fairly with the redundancy offered by an enterprise-grade SaaS provider.

The additional expense of delivering this power to the servers assumes a PUE (Power Usage Efficiency) of 2.0 for a well run data center, which implies that every watt consumed for IT equipment is matched by an additional watt for uninterruptible power (UPS), chillers, air handlers and power distribution equipment.

Ongoing IT Expenses

Ongoing IT expenses proved to be a significant component of overall annual and lifetime costs, as show below:

IT Expenses (Recurring)

SaaS

Server-Based

Rack space for server

$0.00

$720.00

Redundant Offsite Data Backup

$0.00

$239.40

Server Management Annual

$0.00

$1,200.00

Budgeted server upgrades/replacements

$0.00

$880.00

Allocated IT support staff cost

$0.00

$0.00

IT EXPENSES

$0.00

$3,039.40

Rack space to house two redundant 1U servers was estimated based on the lowest commercially available cost for which we could find pricing data. Again, rack space is calculated on the basis of redundant servers in order to compare fairly with redundancy provide by an enterprise-grade SaaS provider.

Most (if not all) SaaS providers include remote backup to a Disaster Recovery data center. For the sake of making an even comparison, the cost of an offsite backup of all data was added to the server-based solution at the lowest available commercial rate.

Server management cost was budgeted at a very low one hour per month for the server-based system, with fully loaded labor rates at national averages for IT personnel. Again, such costs are avoided when using a SaaS provider.

Budgeted server upgrade or replacement costs reflect likely or planned server upgrade requirements that occur over a 5-year period — a much longer lifespan than most servers in today's IT environment. Many systems require upgrades over this time span due to mandatory operating system and security upgrades, as well as product obsolescence.

Single Site Summary

The following table summarizes the findings presented above and multiplies out the annual recurring fees for both solutions to their five-year totals.

Expense Category

SaaS

Server-Based

Period of Expense

Up-Front Expenses

$3,300.00

$10,500.00

One-time

Recurring Annual Fees

$960.00

$300.00

Annual

Operational Expenses

$-

$1,418.42

Annual

IT Expenses

$-

$3,039.40

Annual

TOTAL 5-YEAR
COST OF OWNERSHIP

$8,100.00

$34,289.10

5-Year

The cost savings of using a SaaS solution for access control are clearly dramatic — and probably far greater than most observers would have expected. Many server-based systems clearly appear to be less expensive than this to own and operate, so where exactly did the costs grow beyond expectations?

A few things to remember about this analysis is that in the interest of a fair comparison with a SaaS offering, the server-based solution that we modeled was likely more powerful than many deployed in smaller businesses, and offered more services, such as redundancy, offsite backup, automatic upgrades to applications and system software, as well as full technical support.

Similarly, it was equipped with infrastructure elements such uninterruptible power, environmental conditioning, data center quality rack space (as opposed to sitting under someone's desk) that represent costs often overlooked or left as “overhead” in the hasty comparison often presented during the sales cycle.

Nonetheless, even with “downgrades” to the quality of service used to price out the server solution, it has approximately $26,000 of cost disadvantage that it would have to overcome during the five-year lifecycle in order to compete with the SaaS solution.

Additionally, the data presented thus far has primarily addressed a single-site case. Quantitatively and qualitatively, the SaaS solution fares even better in a multi-site application, primarily due to additional cost penalties that the server-based solution must pay during initial setup of VPNs , along with higher ongoing IT expenses due to the complexity of managing the security management applications over a far-flung network.

Steven Van Till is president and chief operating officer of Brivo Systems.

An interactive systems architect, Steve joined Brivo from Sapient Corp., where he served as director of Internet consulting. He holds a bachelor's degree from Calvin College in philosophy and was a Ph.D. candidate in physics at the University of Maryland.

About the Author

Steve Van Till | Co-Founder, President and CEO of Brivo, Inc

Steven Van Till is Co-Founder, President & CEO of Brivo, Inc. a cloud services provider of access control, video surveillance, mobile, and identity solutions delivered as a SaaS offering. He also serves as Chairman of the SIA Standards Committee, and is a frequent author and speaker for numerous security publications and forums, and the inventor of several patents in the field of physical security. Mr. Van Till was previously Director of Internet Consulting for Sapient Corporation, where he lead client strategy engagements for the first wave of the dot.com era. At the healthcare informatics company HCIA, Steve was responsible for Internet strategy for data analytics services. Steve also has more than 10 years of experience in wireless communications as Vice President of Software Development at Geostar, and as Director of Systems Engineering at Communications Satellite Corporation. Steve is the author of "The Five Technological Forces Transforming Physical Security." In his first book, he shares his journey through the surprising ways that the biggest disruptors of our time--cloud, mobile, IoT, social, and big data--are impacting the physical security industry and the people Brivo protects.